Show HN: Browse, upvote and comment on HN from command line https://ift.tt/KroIPwb

Show HN: Browse, upvote and comment on HN from command line Hi HN! I've built hnterminal, a pip package that lets you browse, upvote, and comment on Hacker News from your terminal. To get started: $ pip install hnterminal $ hnterminal hnterminal is an interactive REPL environment with commands like "get_front_page", "get_tree", "upvote", "reply_to", etc, each of which supports rich arguments and comes with full help documentation. Checkout the readme. https://ift.tt/cht7pMV May 11, 2023 at 09:57PM

Show HN: Oneleet – Penetration Testing for SOC 2 and beyond https://ift.tt/4C8GpYJ

Show HN: Oneleet – Penetration Testing for SOC 2 and beyond Hello HN, Over the past months at Oneleet (YC S22), our team has been building https://app.oneleet.com , a compliance-focused pentesting-as-a-service platform. It allows companies to easily schedule and manage penetration tests, designed for both compliance and security enhancement. We collaborate exclusively with top-tier vetted penetration testers based in NATO countries, ensuring superior quality results. Competitors like Cobalt work with just about anyone, of which they put multiple on a single engagement to ‘average out’ the quality. Despite their efforts, it is still hit-and-miss. By being very selective about who we work with (many Cobalt pentesters don’t make the cut), we are very consistent in the level of insight and quality we provide. Our team puts a lot of work into making sure that pentest results can be leveraged beyond security improvements. We are fully aware that with the current SOC 2 craze[1] most companies are just looking to tick their compliance and control boxes[2][3], but that doesn’t mean you can’t have both that box ticked and fundamentally improve your app’s security. Which is why we make sure our pentests serve both purposes: Present technical detail at a deep level but also provide documentation that is meant to be a sales and trust-building tool. Some of the things I used to hate when I worked as a pentester myself was seeing how common it had become for pentesters to just take Nessus findings, slap a pentest report title page on it and then proudly proclaim how they found these critical ‘SSL’ and ‘HTTP Header’ findings. Not to mention how much trouble it can get you in with your auditor when they see all those criticals they don’t understand the nature of. When those auditors then require you to fix all those criticals, you quickly find yourself going down a rabbit hole of unnecessary engineering effort. Great pentesters, on the other hand, use those exact same tools but know what to do with the information that they generate. Take a tool like Burp Suite, which is known among pentesters as the go-to tool for manual web app pentesting. Despite it primarily being used for manual testing, it also has ‘auto scanning’ functionality built in that is mostly useless without a human guiding the tool. More than once I heard both pentesters and clients state: “We already do Burp Suite scanning, so we have that covered.” Don’t get me wrong.. there are plenty of tools that provide a lot of insight without needing human guidance. Running Nuclei[4] frequently on your web-facing hosts is a great way to spot low-hanging fruit-type vulnerabilities, but it will require you to at least have some basic understanding of what the reported findings entail, and whether the associated severities are accurate or not (CVSS scores can be very random, so using them as a yardstick can be a terrible idea). This is why we’re strict about not allowing testers to inflate the severity of findings, or to revert to reporting boilerplate findings that many automated tools spit out by default. If you’re interested in having a pentest performed, you can get started by going to https://app.oneleet.com . After registration, you will be guided through an onboarding flow after which you can schedule a call with the founding team and a pentester. We’d love to get your feedback and answer any questions you might have! References: [1] https://ift.tt/mDS4k7q ] [2] https://ift.tt/Xo8Ad4S [3] https://ift.tt/0beMknC [4] https://ift.tt/h7b13sy https://ift.tt/3Lgfsj1 May 11, 2023 at 11:37PM

Show HN: AutoGPT for Ethereum https://ift.tt/gSIDBxq

Show HN: AutoGPT for Ethereum I built this on a weekend, I would love to get some feedback on the app. https://www.etherpal.xyz/ May 11, 2023 at 02:55PM

Show HN: Interactive story map built using Google 3D Tiles and deck.gl https://ift.tt/cZsOxXn

Show HN: Interactive story map built using Google 3D Tiles and deck.gl https://ift.tt/h8iCTKN May 11, 2023 at 12:22PM

Show HN: BundleStore – increase revenue by offering your product in a bundle https://ift.tt/L3lmHrX

Show HN: BundleStore – increase revenue by offering your product in a bundle On BundleStore, users buy more to save more. By offering your product in a bundle, you can make your product instantly more attractive! Visit the website and tell me what your product is, and I'll do the rest. https://ift.tt/W4PMRFn May 11, 2023 at 02:28PM

Show HN: Search Xkcd https://ift.tt/SB9turD

Show HN: Search Xkcd https://xkcd.netcore.io May 11, 2023 at 01:33PM

Show HN: Deterministic objective Bayesian inference for spatial models [pdf] https://ift.tt/2I8NOb1

Show HN: Deterministic objective Bayesian inference for spatial models [pdf] To give some context, objective Bayesian inference refers to Bayesian analysis (i.e. integrating over the parameter space) using a prior that is design to represent "minimal information" (see [1], [2], and [3] for an overview). Particularly in cases where a model's likelihood function is not strongly peaked about a point, objective Bayesian inference can give better results than methods based off of point estimates like Maximum Likelihood [4]. Reference priors provides a general approach to construct so-called noninformative priors that are suitable for Objective Bayesian analysis ([5], [6]). The approach takes a practical viewpoint of noninformative priors and looks to build priors that are both tractable and provide good performance on frequentist coverage simulations. See Section 2 for a description of how the process and frequentist simulations work and [7] for examples with some basic models (e.g. why 1/σ^2 is the noninformative prior for the variance of normally distributed data with known mean). [8] was the first to develop reference priors for Gaussian processes models, and [9] extended the work to handle Gaussian Processes with noise (or nugget effects). The project I'm working on provides software and algorithms to do deterministic inference using the prior from [9]. Typically, such inference has been done using MCMC sampling algorithms; but my belief is that deterministic algorithms can give results that are more consistent, less sensitive to parameter tweaking, and more efficient, at the expense of some engineering cost and loss of generality. For an example of how the algorithms work on a real-world data set of zinc measurements in a flood plain along the Meuse river [10], see https://ift.tt/p93YhcB... References [1]: https://ift.tt/mkaHWfl [2]: https://ift.tt/8G6LEQD... [3]: https://ift.tt/1h0b4Qv [4]: https://ift.tt/gIeh3zR... [5]: https://ift.tt/4ZMR3uF... [6]: https://ift.tt/RCg1Jpx [7]: https://ift.tt/ykYPrFR... [8]: https://ift.tt/A7c8pTw... [9]: https://ift.tt/LO159cT... [10]: https://ift.tt/bKyks7x... https://ift.tt/ykncjJT May 10, 2023 at 08:37PM